
Tailscale SSH: Simplify and Secure SSH Connections on Your Tailnet

Blog post from Tailscale

Author: Brad Fitzpatrick, Maisem Ali, David Crawshaw, and Ross Zurowski
Word Count: 1,699
Summary

Tailscale SSH is a new feature designed to simplify and secure SSH connections within a Tailscale network by using Tailscale identities instead of traditional SSH keys. This approach eliminates the need to manage SSH keys: it leverages WireGuard for authentication and encryption, and it permits connections between devices based on access control lists (ACLs). Tailscale SSH can reroute incoming traffic to an SSH service within the Tailscale daemon, bypassing the traditional SSH server, and can integrate with existing identity providers for clear user-device associations. For high-risk connections, a check mode is available that requires recent re-authentication, enhancing security. Tailscale SSH is available on Linux devices and can be used concurrently with existing SSH configurations, allowing for a gradual rollout. It also supports SSH access rules that define user permissions and connection authorizations. Tailscale SSH aims to eliminate the complexity of managing SSH keys and setting up bastion hosts, and to reduce exposure to the open internet. It is currently in beta and is included in all Tailscale plans.